Re: courier-ldap: userPassword with and without {crypt} [patch]

To: Russell Coker <russell@coker.com.au>
Cc: <debian-devel@lists.debian.org>
Subject: Re: courier-ldap: userPassword with and without {crypt} [patch]
From: Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl>
Date: Thu, 31 May 2001 17:56:00 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.33.0105311752540.6653-100000@ginger.loc.internetia.pl>
In-reply-to: <[🔎] 0105311349240L.03973@lyta>

On Thu, 31 May 2001, Russell Coker wrote:
> > This is my patch for autodetection crypted password. The same behaviour
> > has pam_ldap.so module.
>
> Good work, that's a necessary feature.
>
> But doesn't Courier support password authentication by binding to the LDAP?
>
> When configuring LDAP I prefer to have applications chech the passwork by
> binding, this way things can be configured so that the application lacks read
> privs to the userPassword attribute and thus if a hostile user gets that
> level of access they can't do anything other than a brute-force attack.

As far as I read the source, you should set the LDAP_AUTHBIND variable.
Of course, this method should require more resources than checking by
courier itself.

-- 
Piotr Roszatycki, Netia Telekom S.A.                    .''`.
mailto:Piotr_Roszatycki@netia.net.pl                   : :' :
mailto:dexter@debian.org                               `. `'
                                                         `-

Reply to:

References:
- Re: courier-ldap: userPassword with and without {crypt} [patch]
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Intent to Rewrite: pwgen
Next by Date: Re: Intent to Rewrite: pwgen
Previous by thread: Re: courier-ldap: userPassword with and without {crypt} [patch]
Next by thread: ITP: squeak-vm, squeak-image, squeak-sources -- A highly portable Smaltalk system
Index(es):
- Date
- Thread